Re: How can i protect my website

From: Loganaden Velvindron <loganaden_at_gmail.com>
Date: Fri, 26 Jun 2015 20:47:54 +0000

On Fri, Jun 26, 2015 at 5:17 PM, Shelly Hermia Bhujun
<shelly_hermia_at_hotmail.com> wrote:
> Hello all,
>
> I would like to thank you for helping me understand the questions which has
> been bothering me for a while. I have been doing some research based on what
> you wrote and this is why i took so much time to get back to you. I
> apologies for that.
>
> From Logan:
>
>> Security is a process. If you look at Security-focused web applications
>> such as blogsum (which I use for my blog), you can see patterns of
>> systematic principles of secure programming techniques.
>
> I unfortunately don't know how to analyse patterns of systematic principles
> of secure programming techniques.
>
> How can a non-technical person identify it?
>

You cannot do that as a non-technical person.

>>Sadly, Most others web application developers tend to think of security, as
>> something that you "add" on top of existing layers. Hence, why you see so
>> many vulnerabilities today.
>
> Am not web developer but i have always thought security was an additional
> feature and expense somebody has to cater for when owning a website.

Security is the by-product of good design :)


>
> ___________________________________________________________________________________
>
> From Daniel:
>
> I don't have any statistics on numbers of websites compromised in Mauritius,
> but I imagine it's a similar rate to other places. It's a problem
> everywhere. This article suggests that there are 30,000 websites hacked per
> day.
>
> Thank you for sharing that article Daniel. I do realize that it is a problem
> occurring everyday and not only in Mauritius. What triggered my concern was
> especially seeing .mu website being compromised. But .mu is only the domain
> name right? A domain does has nothing to do with website security issues
> right?
>
> 'll be a little bit controversial, and suggest that you probably don't need
> to build a website. Instead, consider finding a SaaS (Software As a
> Service) product that does what you want. (I say controversial, because I
> don't think it's popular solution in Mauritius)
>
> If you're trying to build a shopping website, then use something like
> shopify or volusion on your own domain. If you want to do blogging maybe
> something like tumblr on a custom domain will do the trick. I think it's
> worth looking first at SaaS options, trying them out, and then only if there
> are none suitable, consider building something yourself.
>
> Using an existing platforms like these, will give you high quality software
> with better security than you can build yourself. The downside is that the
> software may not be customisable enough for you, and there is usually a
> monthly fee associated with this kind of product
>
> Thank you. I will try shopify and volusion to see how it works. I tried
> Tumblr and some other free websites such as WIX and Weebly but i did not use
> them for long as i like to customize the design. I agree that using
> existing platforms definitely offer better security at a cheaper cost
> compared to building one.
>
> Definitely get advice from somebody technical (a developer who understands
> security). But you can't avoid having to learn about yourself to
>
> I agree. Thank you Daniel.
>
> _________________________________
>
> From Ish:
>
> There is no proper survey that documents how Mauritian businesses go ahead
> with designing or maintaining their website. I cannot ascertain anything
> about frequency as I do not have data about all the web incidents recorded
> in Mauritius against total number of Mauritian designed websites.
>
> Its okay.
>
> You will 'design' a website if you are a web designer. That itself can be
> broken into two parts. There are:
>
> i) Front-end Developers, who make the visual aspect of website. That is the
> first thing you see when you visit a webpage.
> ii) Web Developers, who work on the backend code, writing the logic to
> process & store data.
>
> Most of the time vulnerabilities occur in that backend code. So, either you
> write secure code & audit it regularly, or you could use an off-the-shelf
> CMS (WordPress, Drupal etc) and patch it on time. Patching is the word we
> use when a vulnerability is discovered in an application and code that fixes
> it is applied to the application.
>
> Thank you Ish! The explanation was simple and non-tech! I will ping you if i
> have more questions.
>
> _____________________________________________________________________________________________________________________________
>
> From SM:
>
> Mauritius web sites are not the only ones having security issues. The
> frequency is nearly the same as for Reunion Island.
>
> Yes, i agree.
>
> Most of the web sites which were compromised are running a software known as
> Wordpress. You can ask the company designing the web site what software it
> will be using and what it can do to ensure that there aren't any security
> vulnerabilities once the software is running.
>
> How can i identify which software a website is running? So how do i proceed
> if i want to protect my website if it is running on Wordpress? How much
> would it cost me to hire someone who understands website security? Are the
> most reliable website
>
> Thank you.
Received on Fri Jun 26 2015 - 20:48:07 PST

This archive was generated by hypermail 2.3.0 : Fri Jun 26 2015 - 20:54:02 PST